Most organizations in the United States are attempting to go paperless, that is, store, organize, and file their documents digitally. This transition entails storing and using these documents while they are contained in a compact digital format on miniaturized electronic memory devices and avoids having to have filing cabinets of historical data. That digital storage often occurs on the cloud which consists of third party server farms. A significant problem for many businesses, especially smaller offices, is getting existing paper documentation into digital form and then extracting required elements of that data.
This problem is made more difficult in highly regulated industries such as the health industry where statutes such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security and Breach Notification Rules impose a significant burden of confidentiality on parties in that industry.
A further significant related problem is the need for different parties within the industry to have access to selected parts of the stored data.
The present invention addresses both of these issues by providing a system and method in which data can be sent in an encrypted form to a secure data storage site via a secure path. That data is then accessible and under the control of one accountable party—in the case of medical data, the person who is the subject of the data. That accountable party can then share some or all of that data with other parties, or give other parties authorization to access specific element of that data. In that way, a patient may control access to, and sharing of, their own medical data. So a patient having multiple care practitioners may easily share relevant information such as, but not limited to, updated insurance plans, basic information about address and history as well as specific data relevant to a particular care provider without allowing access to irrelevant data, personal data. For instance, a patient with a heart condition may need to share data on medications, but may not want to share data on past psychiatric issues.